Commit graph

227 commits

Author SHA1 Message Date
Chris Hoffman 194491759d Updating Okta lib for credential backend (#3245)
* migrating to chrismalek/oktasdk-go Okta library

* updating path docs

* updating bool reference from config
2017-08-30 22:37:21 -04:00
Jeff Mitchell f7ac55efc9 Bump go-plugin dep 2017-08-16 11:41:06 -04:00
Jeff Mitchell c5918ff79b Add gcp auth backend (#3183) 2017-08-16 10:31:34 -04:00
Jeff Mitchell 64f9b9f43b Bump go-plugin version 2017-08-15 16:06:56 -04:00
Jeff Mitchell 353cf880be Sync go-plugin from upstream 2017-08-07 15:27:03 -04:00
Jeff Mitchell 1948c7a6db Update go-plugin to include go-hclog support 2017-08-05 15:34:57 -04:00
Jeff Mitchell 7e3ff5e56c Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Tony Cai bd35cd2dfe Update vendored library go-hdb (#3097) 2017-08-02 12:53:45 -04:00
Brian Kassouf e0713b307d Add Testing Interface to test helpers (#3091)
* Add testing interface

* Add vendored files
2017-08-01 11:07:08 -07:00
Jeff Mitchell 87bc982256 Sirupsen->sirupsen 2017-07-25 15:49:10 -04:00
Jeff Mitchell c7e6410c75 Remove uppercase Sirupsen logrus dep 2017-07-25 15:36:14 -04:00
Chris Hoffman 2aa02fb3f0 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Jeff Mitchell e553fe0d99 Bump deps 2017-07-18 10:15:54 -04:00
Tony Cai 07088fe8a0 Added HANA database plugin (#2811)
* Added HANA dynamic secret backend

* Added acceptance tests for HANA secret backend

* Add HANA backend as a logical backend to server

* Added documentation to HANA secret backend

* Added vendored libraries

* Go fmt

* Migrate hana credential creation to plugin

* Removed deprecated hana logical backend

* Migrated documentation for HANA database plugin

* Updated HANA DB plugin to use role name in credential generation

* Update HANA plugin tests

* If env vars are not configured, tests will skip rather than succeed

* Fixed some improperly named string variables

* Removed unused import

* Import SAP hdb driver
2017-07-07 13:11:23 -07:00
Jeff Mitchell 09d9a2e302 Add missing datadog vendored lib 2017-06-17 01:29:42 -04:00
Jeff Mitchell 33ca94773f Add DogStatsD metrics output. (#2883)
Fixes #2490
2017-06-16 23:51:46 -04:00
Jeff Mitchell f8f95524d0 Update Azure dep (#2881) 2017-06-16 12:06:09 -04:00
Jeff Mitchell b946eefcda Bump deps 2017-06-16 11:14:18 -04:00
Jeff Mitchell 9095e202d7 Update vendoring 2017-06-05 10:51:53 -04:00
Jeff Mitchell ee27dfc37a Finish dep update 2017-05-24 21:16:17 -04:00
Jeff Mitchell 948af0a12b Bump grpc after they fixed their panic 2017-05-24 21:07:45 -04:00
Jeff Mitchell 5c230c796b Add peer cluster address cache 2017-05-24 20:51:53 -04:00
Jeff Mitchell 9d4801b1e8 Revert grpc back a version (they introduced a panic) and clean up a bunch of old request forwarding stuff 2017-05-24 10:38:48 -04:00
Jeff Mitchell af0d347766 Revert azure vendor updates 2017-05-24 10:12:06 -04:00
Jeff Mitchell 01e1754749 Bump deps 2017-05-24 09:40:58 -04:00
Jeff Mitchell 0d4e7fba69 Remove non-gRPC request forwarding 2017-05-24 09:34:59 -04:00
Mitchell Hashimoto c29ee275ce audit: hash time.Time values in map fields (#2689)
This enables audit.Hash to hash time.Time values that may exist as
direct fields in the map. This will error (instead of panic) for any
time.Time values that don't occur within map values. For example, this
does not support a time.Time within a slice. If that needs to be
supported then modifications will need to be made.

This also requires an update to reflectwalk (included in this PR). This
is a minimal change that allows SkipEntry to signal to skip an entire
struct. We do this because we don't want to walk any of time.Time since
we handle it directly.
2017-05-08 14:06:08 -04:00
Brian Kassouf 7dcec6e68f Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 12:40:00 -07:00
mymercurialsky 4c0e3c5d2f Implemented TOTP Secret Backend (#2492)
* Initialized basic outline of TOTP backend using Postgresql backend as template

* Updated TOTP backend.go's structure and help string

* Updated TOTP path_roles.go's structure and help strings

* Updated TOTP path_role_create.go's structure and help strings

* Fixed typo in path_roles.go

* Fixed errors in path_role_create.go and path_roles.go

* Added TOTP secret backend information to cli commands

* Fixed build errors in path_roles.go and path_role_create.go

* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords

* Initialized TOTP test file based on structure of postgresql test file

* Added enforcement of input values

* Added otp library to vendor folder

* Added test steps and cleaned up errors

* Modified read credential test step, not working yet

* Use of vendored package not allowed - Test error

* Removed vendor files for TOTP library

* Revert "Removed vendor files for TOTP library"

This reverts commit fcd030994bc1741dbf490f3995944e091b11da61.

* Hopefully fixed vendor folder issue with TOTP Library

* Added additional tests for TOTP backend

* Cleaned up comments in TOTP backend_test.go

* Added default values of period, algorithm and digits to field schema

* Changed account_name and issuer fields to optional

* Removed MD5 as a hash algorithm option

* Implemented requested pull request changes

* Added ability to validate TOTP codes

* Added ability to have a key generated

* Added skew, qr size and key size parameters

* Reset vendor.json prior to merge

* Readded otp and barcode libraries to vendor.json

* Modified help strings for path_role_create.go

* Fixed test issue in testAccStepReadRole

* Cleaned up error formatting, variable names and path names. Also added some additional documentation

* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes

* Added ability to pass in TOTP urls

* Added additional tests for TOTP server functions

* Removed unused QRSize, URL and Generate members of keyEntry struct

* Removed unnecessary urlstring variable from pathKeyCreate

* Added website documentation for TOTP secret backend

* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.

* Updated website documentation and added QR example

* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests

* Updated API documentation to inlude to exported variable and qr size option

* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 10:49:42 -07:00
Brian Kassouf 5ee0d696d4 Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 10:45:18 -07:00
Michael Ansel 30b71cbbac Add constraints on the Common Name for certificate-based authentication (#2595)
* Refactor to consolidate constraints on the matching chain

* Add CN prefix/suffix constraint

* Maintain backwards compatibility (pick a random cert if multiple match)

* Vendor go-glob

* Replace cn_prefix/suffix with required_name/globbing

Move all the new tests to acceptance-capable tests instead of embedding in the CRL test

* Allow authenticating against a single cert

* Add new params to documentation

* Add CLI support for new param

* Refactor for style

* Support multiple (ORed) name patterns

* Rename required_names to allowed_names

* Update docs for parameter rename

* Use the new TypeCommaStringSlice
2017-04-30 11:37:10 -04:00
Jeff Mitchell 9a72b3162f Flip back to sstarcher go-okta post-merge 2017-04-28 17:21:49 -04:00
Jeff Mitchell 0f214cc502 Switch to jefferai/go-okta for now to work around Fatal lines in upstream (#2658)
Switch to jefferai/go-okta for now to work around Fatal lines in upstream
2017-04-28 08:39:51 -04:00
Brian Kassouf af9ff63e9a Merge remote-tracking branch 'oss/master' into database-refactor 2017-04-19 15:16:00 -07:00
Jeff Mitchell e1e78b1409 Update to new Azure code after dep update (#2603) 2017-04-17 12:15:12 -04:00
Jeff Mitchell 563f80d39f Bump deps 2017-04-17 11:17:06 -04:00
Brian Kassouf 5fac259ae6 vendor go-plugin 2017-04-12 14:23:15 -07:00
Jeff Mitchell 4d7a0ab772 Bump deps 2017-03-30 20:03:13 -04:00
Jeff Mitchell 36c84df326 Large update to request forwarding handling. (#2426) 2017-03-02 10:03:49 -05:00
Jeff Mitchell 0060535eed Bump http2 dep to fix Go 1.8 breakage 2017-03-02 00:46:17 -05:00
Jeff Mitchell 362c6a9d6b Add dockertest.v3 to vendor 2017-02-26 16:53:19 -05:00
Jeff Mitchell 8836da35a6 Update deps 2017-02-24 14:36:54 -05:00
Jeff Mitchell 776e120740 Update deps, particularly to ensure https://aws.amazon.com/blogs/developer/aws-sdk-for-go-update-needed-for-go-1-8/ is covered 2017-02-16 23:42:07 -05:00
Jeff Mitchell 864156773a Update go-cleanhttp 2017-02-10 19:34:41 -05:00
Jeff Mitchell 96eef720d6 Bump deps 2017-02-08 02:13:15 -05:00
Matteo Sessa 29d9d5676e RADIUS Authentication Backend (#2268) 2017-02-07 16:04:27 -05:00
Jeff Mitchell 339a502fa1 Update deps 2017-02-02 16:19:55 -05:00
Jeff Mitchell bb229ac94e Update deps 2017-01-26 20:16:19 -05:00
Shane Starcher 6033ea884c Okta implementation (#1966) 2017-01-26 19:08:52 -05:00
Xiang Li 220930f539 etcdbackend: support version auto discovery (#2299) 2017-01-26 17:19:13 -05:00
Jeff Mitchell 595ee9f24a Bump deps 2017-01-13 09:06:34 -05:00
Jeff Mitchell 80dc5819d3 Use dockertest.v2 (#2247)
New dockertest has a totally different API and will require some serious
refactoring. This will tide over until then by pinning the API version.
2017-01-09 13:46:54 -05:00
Jeff Mitchell 6ebf1cf713 Bump deps 2017-01-04 16:47:38 -05:00
Jeff Mitchell 3129187dc2 JWT wrapping tokens (#2172) 2017-01-04 16:44:03 -05:00
Xiang Li 02070e0fc6 physical: add etcd3 backend (#2168) 2017-01-03 14:43:46 -05:00
Conor Mongey 18d2280e4b Update go-syslog package (#2219) 2016-12-31 10:22:25 -06:00
Jeff Mitchell 8346e3bc83 Bump go-multierror to fix panic 2016-12-16 13:45:55 -05:00
Jeff Mitchell 38b9286243 Fix up vendor reverting 2016-12-16 13:35:12 -05:00
Jeff Mitchell 74d35a3f67 Reset vendoring to 0.6.3 2016-12-16 13:31:07 -05:00
Jeff Mitchell fdb4e60596 bump deps 2016-12-13 19:12:26 -05:00
Jeff Mitchell 1bd8482960 Update deps 2016-12-01 14:46:57 -05:00
Christopher Pauley f07a19c503 gcs physical backend (#2099) 2016-12-01 11:42:31 -08:00
Jeff Mitchell ddb9a0ce52 Bump deps 2016-11-16 18:22:54 -05:00
matt maier 57925ee863 Vendor circonus (#2082) 2016-11-10 16:17:55 -05:00
Jeff Mitchell e2d2a23c25 Bump deps 2016-11-02 15:34:30 -04:00
Jeff Mitchell 16991d823e Bump deps 2016-09-30 09:50:46 -04:00
Jeff Mitchell d65da5613c Add missing dep 2016-09-21 14:02:35 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell 5dff6a9e1a Update deps 2016-09-12 15:16:55 -04:00
Jeff Mitchell 487e05d25c Update deps 2016-09-02 18:05:09 -04:00
Jeff Mitchell d2239d22d9 Use hkdf for transit key derivation for new keys (#1812)
Use hkdf for transit key derivation for new keys
2016-08-30 16:29:09 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell bdcfe05517 Clustering enhancements (#1747) 2016-08-19 11:03:53 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell c1a46349fa Change to keybase openpgp fork as it has important fixes 2016-08-11 08:31:43 -04:00
Jeff Mitchell 3c2aae215c Fix tests and update mapstructure 2016-08-08 16:00:31 -04:00
Jeff Mitchell 1a1ccfedd0 Update Consul lib to use headers for tokens 2016-08-02 17:05:24 -04:00
Jeff Mitchell 4242c70f73 Bump deps before RC 2016-07-26 09:55:35 -04:00
Jeff Mitchell 984a48c195 Update vendored deps 2016-07-22 20:11:59 -04:00
matt maier 6519c224ac Circonus integration for telemetry metrics 2016-07-22 15:49:23 -04:00
Matt Hurne 75a5fbd8fe Merge branch 'master' into mongodb-secret-backend 2016-07-19 10:38:45 -04:00
Jeff Mitchell 04cfa4f88d Whoops, fix vendoring 2016-07-11 23:13:26 +00:00
Jeff Mitchell 57cdb58374 Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-11 21:37:46 +00:00
Matt Hurne 8232de5095 Merge branch 'master' into mongodb-secret-backend 2016-07-09 21:14:21 -04:00
Matt Hurne da0bd77dc4 Merge branch 'master' into mongodb-secret-backend 2016-07-07 21:24:40 -04:00
Jeff Mitchell 4146ebed9c Add go-retryablehttp dep 2016-07-07 10:42:08 -04:00
Jeff Mitchell 1da55a151c Update dockertest dep 2016-07-05 15:13:42 -04:00
Matt Hurne 292c2fad69 Merge branch 'master' into mongodb-secret-backend 2016-07-01 20:39:13 -04:00
Jeff Mitchell 04e863c750 Incorporate consul dockertest review feedback 2016-07-01 14:16:38 -04:00
Jeff Mitchell db211a4b61 Migrate Consul acceptance tests to Docker 2016-07-01 13:59:56 -04:00
Matt Hurne acf4b0b637 Merge branch 'master' into mongodb-secret-backend 2016-06-30 16:43:53 -04:00
Jeff Mitchell 0d185b1dca Minor mode update for some deps 2016-06-30 14:52:28 -04:00
Jeff Mitchell a709c3dfba Merge branch 'master-oss' into dockerize-pg-secret-tests 2016-06-30 14:21:05 -04:00
Jeff Mitchell 53b798145d Remove accidental patch file 2016-06-30 14:19:42 -04:00
Jeff Mitchell eb676bb807 Update deps 2016-06-30 14:19:03 -04:00
Jeff Mitchell dc15faabe3 Add needed package 2016-06-30 14:03:13 -04:00
Jeff Mitchell 22e83ae7f5 Dockerize Postgres secret backend acceptance tests
Additionally enable them on all unit test runs.
2016-06-30 13:46:39 -04:00
Matt Hurne 5e8c912048 Add mongodb secret backend 2016-06-29 08:33:06 -04:00
Jeff Mitchell a49cc0a4a5 Update deps, this time removing appengine/go1.7 filter 2016-06-08 16:23:42 -04:00
Jeff Mitchell b299e7d16b Update deps 2016-06-08 16:14:05 -04:00
Jeff Mitchell da6371ffc3 Merge remote-tracking branch 'origin/master' into pr-1425 2016-06-08 12:10:29 -04:00
Jeff Mitchell 18ac72500f Change vendoring 2016-06-08 12:10:12 -04:00
Jeff Mitchell 95f3726f1c Migrate to go-uuid 2016-06-08 10:36:16 -04:00
Jeff Mitchell 1873c32cb2 Update deps 2016-06-08 10:33:08 -04:00
Jeff Mitchell a6c4d6b47d Update/add vendor 2016-06-03 10:29:46 -04:00
Jeff Mitchell 11160ae271 Update vendoring 2016-06-01 10:24:48 -04:00
sayden c68e16a6d0 Zookeeper vendor package updated to fix issue https://github.com/samuel/go-zookeeper/pull/102 2016-05-25 10:32:43 +02:00
Stuart Glenn 6a9ffd9091 Add vendor of ncw/swift for OpenStack Swift backend 2016-05-17 10:22:34 -05:00
Jeff Mitchell 3e71221839 Merge remote-tracking branch 'origin/master' into aws-auth-backend 2016-05-05 10:04:52 -04:00
Jeff Mitchell 28279d193e Update deps 2016-05-03 13:23:05 -04:00
Jeff Mitchell 45a120f491 Switch our tri-copy ca loading code to go-rootcerts 2016-05-03 12:23:25 -04:00
Jeff Mitchell 6ef30efae6 Bump deps. 2016-05-02 20:11:05 -04:00
Jeff Mitchell 3c5ab2352f Add vendored pkcs7 lib 2016-04-29 14:33:08 +00:00
Sean Chittenden 6b2c83564e Teach Vault how to register with Consul
Vault will now register itself with Consul.  The active node can be found using `active.vault.service.consul`.  All standby vaults are available via `standby.vault.service.consul`.  All unsealed vaults are considered healthy and available via `vault.service.consul`.  Change in status and registration is event driven and should happen at the speed of a write to Consul (~network RTT + ~1x fsync(2)).

Healthy/active:

```
curl -X GET 'http://127.0.0.1:8500/v1/health/service/vault?pretty' && echo;
[
    {
        "Node": {
            "Node": "vm1",
            "Address": "127.0.0.1",
            "TaggedAddresses": {
                "wan": "127.0.0.1"
            },
            "CreateIndex": 3,
            "ModifyIndex": 20
        },
        "Service": {
            "ID": "vault:127.0.0.1:8200",
            "Service": "vault",
            "Tags": [
                "active"
            ],
            "Address": "127.0.0.1",
            "Port": 8200,
            "EnableTagOverride": false,
            "CreateIndex": 17,
            "ModifyIndex": 20
        },
        "Checks": [
            {
                "Node": "vm1",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm1",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "passing",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "",
                "ServiceID": "vault:127.0.0.1:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 19
            }
        ]
    }
]
```

Healthy/standby:

```
[snip]
        "Service": {
            "ID": "vault:127.0.0.2:8200",
            "Service": "vault",
            "Tags": [
                "standby"
            ],
            "Address": "127.0.0.2",
            "Port": 8200,
            "EnableTagOverride": false,
            "CreateIndex": 17,
            "ModifyIndex": 20
        },
        "Checks": [
            {
                "Node": "vm2",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm2",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "passing",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "",
                "ServiceID": "vault:127.0.0.2:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 19
            }
        ]
    }
]
```

Sealed:

```
        "Checks": [
            {
                "Node": "vm2",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm2",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "critical",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "Vault Sealed",
                "ServiceID": "vault:127.0.0.2:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 38
            }
        ]
```
2016-04-25 18:01:13 -07:00
Sean Chittenden 2060766107 Update vendor'ed version of hashicorp/consul/lib
Note: Godeps.json not updated
2016-04-25 18:00:54 -07:00
Jeff Mitchell d77f9e0583 Update vendoring 2016-04-26 00:18:04 +00:00
Jeff Mitchell c12dcba9bc Merge pull request #1266 from sepiroth887/azure_backend
added Azure Blobstore backend support
2016-04-25 15:53:09 -04:00
vishalnayak e3a1ee92b5 Utility Enhancements 2016-04-05 20:32:59 -04:00
Tobias Haag 175e3cc354 added Azure backend support
updated Godeps
added website docs
updated vendor
2016-03-30 19:49:38 -07:00
Jeff Mitchell 5104ec5505 Update godeps 2016-03-10 22:50:50 -05:00
Jeff Mitchell 04eb6e79f0 Merge pull request #1200 from hashicorp/sethvargo/hcl_errors
Show HCL parsing errors and typos
2016-03-10 22:31:55 -05:00
Jeff Mitchell 6e52139bed Update HCL in vendor 2016-03-10 17:06:08 -05:00
Seth Vargo 2064a6d56a Update to newest HCL 2016-03-10 15:25:25 -05:00
Chris Hoffman 08c9a075d8 Adding Godeps for mssql 2016-03-03 10:16:59 -05:00
Jeff Mitchell 520d71668d Update .gitignore to remove overzealous application of 'pkg' shadowing
vendor dir.

Also update Travis to stop doing bad things.
2016-02-18 21:51:04 -05:00
Jeff Mitchell cfd908cb73 More dep bumps 2016-02-18 16:37:30 -05:00
Jeff Mitchell 7a4eda156c Migrate to built-in Go vendoring.
This also removes `godep` calls from make scripts. Of note is that
currently `./...` checking in acceptance tests is disabled.
2016-02-18 15:06:02 -05:00